APPLICATION NO. | FILING DATE | FIRST NAMED INVENTOR | ATTORNEY DOCKET NO. | CONFIRMATION NO. 

09/607,007 | 06/29/2000 | Thomas P. Hardjono | 120-147 | 7322

34845 7590 03/24/2008

Anderson Gorecki & Manaras LLP
33 NAGOG PARK
ACTON, MA 01720

EXAMINER
CHOUDHURY, AZIZUL Q


PAPER NUMBER 


NOTIFICATION DATE | DELIVERY MODE 
03/24/2008 | ELECTRONIC


Please find below and/or attached an Office communication concerning this application or proceeding. 

The time period for reply, if any, is set in the attached communication. 

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the 
following e-mail address(es): 

handerson@smmalaw.com
officeadmin@smmalaw.com


PTOL-90A (Rev. 04/07) 


Office Action Summary

Application No.: 09/607,007
Applicant(s): HARDJONO ET AL.
Examiner: AZIZUL CHOUDHURY
Art Unit: 2145



- The MAILING DATE of this communication appears on the cover sheet with the correspondence address — 
Period for Reply 


A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 27 December 2007.
2a )£3 This action is FINAL. 2b)^ This action is non-final. 

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) See Continuation Sheet is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-8, 10-25, 27-28, 31-45, 47-61, 63-68, 70-75, 77-87, 89-105, 108-128 and 131-144 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) L~H The specification is objected to by the Examiner. 

10)^ The drawing(s) filed on 29 June 2000 is/are: a)^ accepted or b)^ objected to by the Examiner. 
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.


Attachment(s) 

1) [X] Notice of References Cited (PTO-892)

2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)

3) [ ] Information Disclosure Statement(s) (PTO/SB/08)
Paper No(s)/Mail Date .

4) [ ] Interview Summary (PTO-413)
Paper No(s)/Mail Date .

5) [ ] Notice of Informal Patent Application

6) [ ] Other: .

PTOL-326 (Rev. 08-06) Office Action Summary Part of Paper No./Mail Date 20080314 


Continuation Sheet (PTOL-326) Application No. 09/607,007 

Continuation of Disposition of Claims: Claims pending in the application are 1-8, 10-25, 27, 28, 31-45, 47-61, 63-68, 70-75, 77-87,
89-105, 108-128 and 131-144.


Application/Control Number: 09/607,007 
Art Unit: 2145 


Page 2 


Detailed Action 

This office action is in response to the amendment received on December 27, 2007. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-8, 10-25, 27-28, 31-45, 47-61, 63-68, 70-75, 77-87, 89-105, 108-128,
and 131-144 are rejected under 35 U.S.C. 103(a) as being unpatentable over Mittra (US
Pat No: US005748736A) in view of He et al (US Pat No: US006088451A) and in
further view of Watson (5,682,478), hereafter referred to as Mittra, He and Watson,
respectively.

1. With regards to claims 1, 16, 28, 40, 61, 68, 75, 78, 87, 99, 113, 122, Mittra
teaches through He and Watson, a communication system comprising: 

• a plurality of multicast devices forming a shared multicast distribution tree; a 
host device; a key server; (Mittra discloses a multicast network wherein; any 
member of the multicast network may be a sender or a receiver (column 4, 
lines 5-19)) and 

• a designated device, separate from the key server, through which the host 
device requests access to the shared tree associated with a group (Mittra's 
design allows the network to be a tree architecture (column 6, lines 1-19). In
addition, Mittra discloses that if desired, separate key distribution centers 
(KDC, equivalent to the claimed key server) are also usable (column 4, lines 
53-54, Mittra)), wherein: 
• the host device obtains access information from the key server for the host 
device to enable the host device to request access the shared tree associated 
with the group, the access information including authentication information 
unique to the host device/group pair, the authentication information including 
an access token comprising a host identifier, a token identifier and an 
authentication key for authenticating the host with the designated device 
(There exists a device in Mittra's design (the GSC) that maintains group 
membership information and hence authenticates hosts and receivers in the 
multicast network (column 7, line 64 - column 8, line 10). Furthermore, it is 
inherent that authentication for each host device must be unique as claimed. 
This is because certificates apply public key cryptographic algorithms and 
public key algorithms require unique data for each user to be authenticated. 
During authentication, the access information must contain an id of some 
form to distinguish it; hence a member identifier inherently must be present. 
Mittra discloses the use of a member id that is equivalent to the claimed host 
identifier (column 7, lines 52-54). In addition, keys are present in Mittra's 
design and are deemed equivalent to the claimed authentication keys. As for 
the token ID, this is taught by He); 
• the designated device obtains the access information associated with the host
device/group pair from the key server for enabling the host device to access 
the shared tree; the host device sends an access control message to the 
designated device to join the shared tree; and the designated device uses the 
access information to authenticate the host device before adding the host 
device to the shared tree, including using the token identifier to obtain a group 
identifier and authentication key from memory in order to verify authentication 
of the host device (Mittra discloses that if desired, separate key distribution 
centers (KDC, equivalent to the claimed key server) are also usable (column 
4, lines 53-54, Mittra). The process of host authentication in networks 
(including multicast networks) is a standard set by the IGMP version 2 
protocol. Mittra discloses the methods by which devices may request and 
gain access to a multicast network by communicating (sending and receiving 
of data by the devices) with an authentication host (the GSC). Finally, Mittra's 
disclosure teaches that certificates expire and new ones are created and sent 
with messages (column 11, lines 39-42, Mittra) (expiration of certificates is 
equivalent to the key expiration date of claim 145). It is obvious that since the 
certificate expiration is noticed and new certificates are sent, that the claimed 
access information comprising expiration date information is also present 
within Mittra's design. While Mittra discloses a design with a device (the
GSC) that functions as an authentication device as well as an access device,
Mittra does not teach physically independent authentication and access
devices nor does Mittra disclose the use of tokens). 

In the same field of endeavor, He teaches a network access design. 
Within the design, He teaches how the concept of physically separate 
authentication and access devices existed (Figure 2, He). In addition, He 
also teaches the use of tokens wherein the token ID must be entered to fulfill 
authentication needs (column 30, lines 8-27, He). 

However, He does not explicitly teach using a token to obtain a group 
id and authentication key. In the same field of endeavor, Watson teaches 
how tokens in a network can be constructed from identification and
authentication information (see column 3, lines 25-27, Watson). While the 
identification information within the Watson design is for a user, Mittra 
teaches the use of group ids. 

Therefore, it would have been obvious to one skilled in the art, during 
the time of the invention, to have combined the teachings of Mittra with those 
of He and Watson, to provide the necessary security mechanisms that can 
effectively control access to network elements and hence protect network 
resources and information (column 1, lines 55-59, He). 

2. With regards to claim 2, Mittra teaches, a communication system wherein the 
key server includes logic for authenticating the host device and generating the 
access information for the host device to access the shared tree 



(Servers are simply devices that are able to fulfill requests made by client 
machines. Mittra's design contains GSCs which act as servers. It is with the 
GSC that members of the multicast network (including the hosts) authenticate 
themselves with keys (column 7, line 64 - column 8, line 10). Since 
authentication occurs, it is obvious that the logic to do so is present as well, as 
claimed). 

3. With regards to claims 3, 20, 64 and 71, Mittra teaches, a communication 
system wherein the key server provides the access information to the host 
device over a secure communication channel 

(A communication system is able to be a method, computer program and 
an apparatus. The networks of Mittra's design use secure channels (column 8,
lines 3-10)). 

4. With regards to claims 4, 23, 65 and 72, Mittra teaches, a communication 
system wherein the key server provides the access information to the 
designated device using a unicast distribution mechanism 

(A communication system is able to be a method, computer program and 
an apparatus. Mittra's design allows for both unicast and multicast (column 6, 
lines 1-19)).

5. With regards to claims 5, 24, 66 and 73, Mittra teaches, a communication
system wherein the key server provides the access information to the 
designated device using a multicast distribution mechanism 

(A communication system is able to be a method, computer program and 
an apparatus. Mittra's design allows for both unicast and multicast (column 6, 
lines 1-19)). 

6. With regards to claims 6, 25, 67 and 74, Mittra teaches, a communication 
system wherein the key server provides the access information to the 
designated device using a broadcast distribution mechanism 

(A communication system is able to be a method, computer program and 
an apparatus. Mittra's design allows for multicast networks (column 6, lines 1- 
19), which is a broadcast network. Furthermore, Mittra discloses that any 
network may be used for the design (column 4, lines 60-61)). 

7. With regards to claim 7, Mittra teaches through He, a communication system
wherein the designated device requests the access information from the key 
server upon receiving the access control message 

(A communication system is a method. A device that requires 
authentication will need authentication with the key server (GSC) and hence the 
two must communicate with each other (column 8, lines 3-14). While Mittra
discloses a design with a device (the GSC) that functions as an authentication
device as well as an access device, Mittra does not teach physically independent
authentication and access devices. In the same field of endeavor, He teaches a 
network access design. Within the design, He teaches how the concept of 
physically separate authentication and access devices existed (Figure 2, He). In 
addition, He also teaches the use of tokens wherein the token ID must be 
entered to fulfill authentication needs (column 30, lines 8-27, He). Therefore, it 
would have been obvious to one skilled in the art, during the time of the 
invention, to have combined the teachings of Mittra with those of He, to provide 
the necessary security mechanisms that can effectively control access to network 
elements and hence protect network resources and information (column 1, lines 
55-59, He)). 

8. With regards to claim 8, Mittra teaches, a communication system wherein the 
key server provides the access information to the plurality of multicast devices 
forming the shared tree 

(The GSC (key server) of Mittra's design maintains all the group
membership information (column 7, line 64 - column 8, line 2)). 

9. With regards to claims 10, 37, 47, 77, 84, 89 and 96, He teaches, a 
communication system wherein the access information comprises: a token 
identifier in the access control message

(He also teaches the use of tokens wherein the token ID must be entered to
fulfill authentication needs (column 30, lines 8-27, He)).


10. With regards to claims 11, 38, 85 and 97, Mittra teaches, a communication 
system wherein the access control message is an Internet Group Management 
Protocol (IGMP) join request including the token identifier 

(A communication system is able to be an apparatus, computer program 
and a method. Mittra's design performs authentication (column 8, lines 3-10). 
During authentication, the access information must contain an id of some form to 
distinguish it; hence a token identifier must be present. Mittra discloses the use of 
a member id that is equivalent to the claimed token identifier (column 7, lines 52- 
54). In addition, Mittra's design allows for the use of any network (column 4, 
lines 60-61) hence, any protocol that functions with the network chosen is 
acceptable). 


11. With regards to claim 12, Mittra teaches, a communication system wherein the
designated device joins the shared tree on behalf of the host device upon 
authenticating the host device 

(All devices to enter the multicast in Mittra's design must be authenticated 
since all devices are able to be receivers and senders (column 8, lines 3-10)).

12. With regards to claim 13, Mittra teaches, a communication system wherein the
shared tree is a Protocol Independent Multicast (PIM) shared tree, and wherein 
the designated device sends a PIM join request upstream toward a rendezvous 
point device in order to join the shared tree on behalf of the host device upon 
authenticating the host device 

(Mittra's design allows for any network to be used and hence any protocol 
as well (column 4, lines 60-61)). 

13. With regards to claims 14, 15 and 58, Mittra teaches, a communication system 
wherein the designated device forwards the access control message to a 
neighboring device upon failing to authenticate the host device using the access 
information 

(A communication system is a method. Since each member of Mittra's 
multicast is both a receiver and a sender, each needs to be informed constantly 
what members are present. Otherwise, the multicast would be unable to 
distribute data properly). 

14. With regards to claims 18, 36, 48, 50, 83, 95, 108 and 131, He teaches, a 
method wherein the access information further comprises an expiration date for 
the access token

(He teaches the use of tokens and teaches how tokens have to be used
within a short period of time before they are replaced (equivalent to expire); see 
column 30, lines 16-17, He). 

15. With regards to claim 19, Mittra teaches, a method wherein the access 
information further comprises a public key 

(The access information is used during authentication. During 
authentication, keys (no limitation was made on what type of key) are used 
between the two authenticating parties (column 8, lines 3-10)). 

16. With regards to claim 21, Mittra teaches, a method wherein the communication 
message is a group key management communication message 

(The authentication process occurs between a device and the GSC in 
Mittra's design (column 8, lines 3-10). The GSC maintains group key 
management and hence the communication message is a group key 
management communication message). 

17. With regards to claim 22, Mittra teaches, a method wherein sending the access 
information to the designated device for the host device comprises: sending a 
communication message including the access information to the designated 
device over a secure communication channel (Mittra's design uses secure 
channels (column 8, line 3)).

18. With regards to claims 27 and 109, Mittra teaches through He, a method wherein
the access token comprises: a group identifier for identifying a multicast group; 
a host identifier for identifying the host device; an expiration date for the access 
token; a server identifier for identifying a key server; and a public key for the key 
server 

(An apparatus is able to be a method. Mittra's design performs 
authentication (column 8, lines 3-10). During authentication, the access 
information must contain ids of some form to distinguish it; hence a token 
identifier along with ids for other parameters must be present. Mittra's disclosure 
teaches that certificates expire and new ones are created and sent with 
messages (column 11, lines 39-42, Mittra) (expiration of certificates is equivalent 
to the key expiration date of claim 145). It is obvious that since the certificate 
expiration is noticed and new certificates are sent, that the claimed access 
information comprising expiration date information is also present within Mittra's 
design. While Mittra discloses a design with a device (the GSC) that functions
as an authentication device as well as an access device, Mittra does not teach 
physically independent authentication and access devices. In the same field of 
endeavor, He teaches a network access design. Within the design, He teaches 
how the concept of physically separate authentication and access devices 
existed (Figure 2, He). In addition, He also teaches the use of tokens wherein 
the token ID must be entered to fulfill authentication needs (column 30, lines 8- 
27, He). Therefore, it would have been obvious to one skilled in the art, during
the time of the invention, to have combined the teachings of Mittra with those of 
He, to provide the necessary security mechanisms that can effectively control 
access to network elements and hence protect network resources and 
information (column 1, lines 55-59, He)). 

19. With regards to claims 31 and 90, Mittra teaches through He, a method further 
comprising: generating authentication information using the access information; 
and sending the authentication information to the designated device 

(A computer program is a method. Mittra's design performs authentication 
(column 8, lines 3-10). During authentication, the claimed steps inherently must 
be performed. In the same field of endeavor, He teaches a network access 
design. Within the design, He teaches how the concept of physically separate 
authentication and access devices existed (Figure 2, He). In addition, He also 
teaches the use of tokens wherein the token ID must be entered to fulfill 
authentication needs (column 30, lines 8-27, He). Therefore, it would have been 
obvious to one skilled in the art, during the time of the invention, to have 
combined the teachings of Mittra with those of He, to provide the necessary 
security mechanisms that can effectively control access to network elements and 
hence protect network resources and information (column 1, lines 55-59, He)).

20. With regards to claims 32, 53, 79, 91, 114 and 137, Mittra teaches, a method
wherein generating the authentication information using the access information 
comprises generating a digital signature using the access information and a 
predetermined digital signature scheme 

(An apparatus and computer program are able to be a method. Mittra's 
design has authentication means (column 8, lines 3-10). In authentication, it is 
very common to use digital signature schemes and hashes. Mittra provides no
limitation as to what form of authentication to perform).

21. With regards to claims 33, 54, 80, 92, 115 and 138, Mittra teaches, a method 
wherein the predetermined digital signature scheme comprises a keyed hash 
function 

(An apparatus and computer program are able to be a method. Mittra's 
design has authentication means (column 8, lines 3-10). In authentication, it is 
very common to use digital signature schemes and hashes. Mittra provides no
limitation as to what form of authentication to perform).

22. With regards to claims 34, 55, 81, 93, 116 and 139, Mittra teaches, a method 
wherein the keyed hash function comprises IPsec AH with Keyed-Hashing for 
Message Authentication using Message Digest 5 (HMAC-MD5). 

(An apparatus and computer program are able to be a method. Mittra's 
design has authentication means (column 8, lines 3-10). In authentication, it is 
very common to use digital signature schemes and hashes. Mittra provides no
limitation as to what form of authentication to perform).


23. With regards to claims 35, 56, 82, 94, 117 and 140, Mittra discloses, a method 
wherein the keyed hash function comprises IP with Keyed-Hashing for Message 
Authentication using a Secure Hash Algorithm (HMAC-SHA-1) 

(An apparatus and computer program are able to be a method. Mittra's 
design has authentication means (column 8, lines 3-10). In authentication, it is 
very common to use digital signature schemes and hashes. Mittra provides no
limitation as to what form of authentication to perform).


24. With regards to claims 39, 86, 98, 121 and 144, Mittra teaches through He, a 
method further comprising: establishing a security agreement with the 
designated device using the access information 

(An apparatus and computer program are able to be a method. Mittra's 
design uses secure communication (column 4, lines 5-19). Security agreements 
must be set during secure communication. While Mittra discloses a design with
a device (the GSC) that functions as an authentication device as well as an 
access device, Mittra does not teach physically independent authentication and 
access devices. In the same field of endeavor, He teaches a network access 
design. Within the design, He teaches how the concept of physically separate 
authentication and access devices existed (Figure 2, He). In addition, He also 
teaches the use of tokens wherein the token ID must be entered to fulfill
authentication needs (column 30, lines 8-27, He). Therefore, it would have been 
obvious to one skilled in the art, during the time of the invention, to have 
combined the teachings of Mittra with those of He, to provide the necessary 
security mechanisms that can effectively control access to network elements and 
hence protect network resources and information (column 1, lines 55-59, He)). 

25. With regards to claims 41 and 123, Mittra teaches, a method further comprising: 
obtaining the access information for the host device 

(A computer program is a method. Mittra's design performs authenticating 
between devices and the GSC (column 4, lines 5-19) (column 8, lines 3-10). 
During the authentication process the obtaining of the access information as 
claimed inherently must be performed). 

26. With regards to claims 42, 43, 100, 101, 102, 124 and 125, Mittra teaches, a 
method wherein obtaining the access information for the host device comprises: 
receiving the access information from an access information server prior to 
receiving the access control message from the host device 

(An apparatus and computer program are methods. Mittra's design has a 
GSC that maintains information about the access and authentication information 
regarding all the devices within the network (column 7, line 64 - column 8, line 
2). No limitation was set regarding when data would be obtained by the GSC).

27. With regards to claims 44, 45, 57, 103, 104, 105, 118, 119, 126, 127, 128, 133,
134, 141 and 142, Mittra teaches through He, a method wherein determining 
whether the host device is authorized to access the shared tree comprises: 
maintaining an access information database; searching the access information 
database for the access information for the host device; failing to find the access 
information for the host device in the access information database; and 
determining that the host device is not authorized to access the shared tree 

(An apparatus is a method. Authentication is performed by Mittra's design 
(column 8, lines 3-10). In addition, all the steps claimed are normal during
authentication. Furthermore, the GSC in Mittra's design handles all the group
information as claimed (column 7, line 54 - column 8, line 2). While Mittra
discloses a design with a device (the GSC) that functions as an authentication 
device as well as an access device, Mittra does not teach physically independent 
authentication and access devices. In the same field of endeavor, He teaches a 
network access design. Within the design, He teaches how the concept of 
physically separate authentication and access devices existed (Figure 2, He). In 
addition, He also teaches the use of tokens wherein the token ID must be 
entered to fulfill authentication needs (column 30, lines 8-27, He). Therefore, it 
would have been obvious to one skilled in the art, during the time of the 
invention, to have combined the teachings of Mittra with those of He, to provide 
the necessary security mechanisms that can effectively control access to network 
elements and hence protect network resources and information (column 1, lines
55-59, He)). 

28. With regards to claims 49, 51, 110, 111, 120, 132, 135, 136 and 143, Mittra 
teaches through He, a method wherein determining whether the host device is 
authorized to access the shared tree comprises: determining that the 
authentication key has expired based upon the expiration date for the 
authentication key; and determining that the host device is not authorized to 
access the shared tree; authenticating the host device using the access 
information and a predetermined authentication scheme; and determining 
whether the host device is authorized to access the shared tree based upon 
authenticating the host device using the access information and the 
predetermined authentication scheme 

(An apparatus is able to be a method. The claimed steps are known steps 
during authentication that must be performed. Mittra's design performs 
authentication (column 8, lines 3-10). In addition, Mittra's design further allows 
for the network to be of a tree form (column 4, lines 20-25). While Mittra
discloses a design with a device (the GSC) that functions as an authentication 
device as well as an access device, Mittra does not teach physically independent 
authentication and access devices. In the same field of endeavor, He teaches a 
network access design. Within the design, He teaches how the concept of 
physically separate authentication and access devices existed (Figure 2, He). In 
addition, He also teaches the use of tokens wherein the token ID must be
entered to fulfill authentication needs (column 30, lines 8-27, He). Therefore, it
would have been obvious to one skilled in the art, during the time of the
invention, to have combined the teachings of Mittra with those of He, to provide
the necessary security mechanisms that can effectively control access to network 
elements and hence protect network resources and information (column 1, lines 
55-59, He)). 

29. With regards to claims 52 and 112, Mittra teaches, a method wherein 
authenticating the host device using the access information and the 
predetermined authentication scheme comprises: receiving authentication 
information from the host device; and authenticating the host device based upon 
the access information and the authentication information received from the host 
device 

(An apparatus is able to be a method. Mittra's design performs 
authentication (column 8, lines 3-10). In addition, the steps claimed, inherently 
must occur for the authentication process to function properly). 

30. With regards to claim 59, Mittra teaches, a method wherein determining whether 
the host device is authorized to access the shared tree based upon 
authenticating the host device using the access information and the 
predetermined authentication scheme comprises: determining that 
authentication succeeded; and determining that the host device is authorized to
access the shared tree 

(Mittra's design performs authentication (column 8, lines 3-10). In 
addition, the steps claimed, inherently must occur for the authentication process 
to function properly). 

31. With regards to claim 60, Mittra teaches, a method further comprising:
establishing a security association with the host device using the access 
information upon determining that the host device is authorized to access the 
shared tree 

(Mittra's design performs authentication (column 8, lines 3-10). In 
addition, the steps claimed, inherently must occur for the authentication process 
to function properly). 

32. With regards to claims 63, 70, Mittra teaches through He, an apparatus wherein
the access token comprises: a group identifier for identifying a multicast group; 
a host identifier for identifying the host device; an expiration date for the 
authentication key; a server identifier for identifying a key server; and a public 
key for a key server 

(A communication system and a communication message are able to be a 
method, computer program and an apparatus. Mittra's design performs 
authentication (column 8, lines 3-10). During authentication, the access 
information must contain ids of some form to distinguish it; hence a token 
identifier along with other identifiers must be present. The presence of identifiers 
is obvious due to the fact that data is being transferred in between multiple 
devices and for a variety of reasons. The only way to ensure that such 
processes function properly is to possess all the identifiers claimed. And, for an 
authentication to function properly, it obviously must possess an expiration 
method of some form. While, Mittra discloses a design with a device (the GSC) 
that functions as an authentication device as well as an access device, Mittra 
does not teach physically independent authentication and access devices. In the 
same field of endeavor, He teaches a network access design. Within the design, 
He teaches how the concept of physically separate authentication and access 
devices existed (Figure 2, He). In addition, He also teaches the use of tokens 
wherein the token ID must be entered to fulfill authentication needs (column 30, 
lines 8-27, He). Tokens refresh after a short period of time and this is equivalent 
to expiring. Therefore, it would have been obvious to one skilled in the art, 
during the time of the invention, to have combined the teachings of Mittra with 
those of He, to provide the necessary security mechanisms that can effectively 
control access to network elements and hence protect network resources and 
information (column 1, lines 55-59, He)). 

33. The obviousness motivation applied to claims 1, 16, 28, 40, 61, 68, 75, 78, 87, 
99, 113, 122 and 145 are applicable to all their respective dependent claims. 

Remarks 

The amendment received December 27, 2007 has been carefully reviewed, but 
is not deemed fully persuasive. The following paragraph addresses the concerns 
expressed in the amendment. 

The primary concern addressed within the amendment is the amended claim 
feature of using the token identifier to obtain a group identifier and authentication key 
from memory in order to verify authentication of the host device. The applicant 
contends that neither Mittra nor He teaches such a feature and the examiner concedes 
that neither art explicitly cites such a feature. Hence a new search was conducted and 
the Watson art was discovered. Watson teaches how tokens in a network can be 
constructed from identification and authentication information (see column 3, lines 25- 
27, Watson). While the identification information within the Watson design is for a user, 
Mittra teaches the use of group ids. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to AZIZUL CHOUDHURY whose telephone number is 
(571)272-3909. The examiner can normally be reached on M-F. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jason Cardone can be reached on (571) 272-3933. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

AC 


/Jason D Cardone/ 
Supervisory Patent Examiner, Art Unit 2145 


